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Basis of the report 



Wiih regard to the elements of the international application:* 
I [ the international application as originally filed. 

[xl the description, pages 1-3,7-20, as originally filed, 



X the claims. 



pages 
pages 



r3c] the drawings, 



pages f filed with the demand, 

pages 4-6, 6 A, received on 20 July 2004 with the letter of 20 July 2004 
pages , as originally filed, 

as amended (together with any statement) under Article 19, 
filed with the demand, 
pages 21-25, received on 20 July 2004 witli tlie letter of 20 July2004 
pogos/ figs 1-6, as originally filed, 
pages » filed with the demand, 
pages , received on with the letter of 
I ] the sequence listing part of the description: 

pages' as originally filed 

pages , filed with the demand 

pages , received on with the letter of 

2. With regard to the language, all the elements marked above were available or furnished to this Authority in the language in 
which the international application was filed, unless otherwise indicated under this item. 

These elements were available or furnished to this Authority in the following language which is: 

[ I the language of a translation furnished for the purposes of international search (under Rule 23.1(b)). 

I J the language of publication of the international application (under Rule 48.3(b)). 

nn the language of the translation famished for the purposes of international preliminary examination (under Rules 55.2 
— and/or 55.3). 

3. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the international 

preliminary examination was carried out on the basis of the sequence listing: 
I I contained in the international application in written form. 

I I filed together with the international application in computer readable form. 

I I furnished subsequently to this Authority in written form. 

I I fanii:>hcd subsequently to this Authority in computer readable form. 

[ I The statement that the subsequently furnished written sequence listing does not go beyond the disclosure in the 
international application as filed has been furnished. 

I j The statement that the information recorded in computer readable form is identical to the uTitten sequence listing has 
been furnished 

4. I I The amendments have resulted in the cancellation of: 

I I the description, pages 

[ I the claims, Nos. 

I I the drawings, sheets/fig. 

5. I I This report ha.s been established as if (some of) the amendments had not been made, since they 

go beyond the disclosure as filed, as indicated in the Supplemental Box (Rule 70.2(c)). 
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report as "originatfy filed" and are nor annexed to this report xince they do not contain amendments (Avics 70. J 6 and 70. J 7). 

Any replacement sheet containing such amendments must be referred to under ilem J and annexed to this report 
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Reasoned statenient under Article 35(2) with regard to novelty, Inventive step or Industrial applicability; citations 
and explanations supporting such statement 



1 . Statement 



Novelty (N) 


Claims 


1-26 


YES 




Claims 


NONE 


NO 


Inventive step (IS) 


Claims 


1-26 


YES 




Claims 


NONE 


NO 


Industrial applicability (lA) 


Claims 


1-26 


YES 




Claims 


NONE 


NO 



2. Citations and explanations (Rule 70.7) 

Reference is made to the following documents cited in the Australian ISR: 

Dl WO 1999/034544 AI (UKIAH SOFTWARE, INC.) 8 July 1999 

D2 US 5867483 A (ENNIS. JR et al) 2 February 1999 

D3 US 623361 8 Bl (SHANNON) 15 May 2001 

D4 US 6052 730 A (FELCIANO et al) 18 April 2000 

NOVELTY fN) and INVENTIVE STEP rtS^ claims 1-26; 

Dl is regarded as the closest prior art citation. Like the current application, *544 discloses a method of 
monitoring and controlling (via a gateway and firewall) data transfer between a first and second communication 
netv.'ork. Furthermore, *544 discloses real time monitoring of data transfer to/from an authenticated user (eg ;! 
differentiating user by an IP address) or group of pre determined users (eg group of known IP addresses). This 
system is suitable for real time monitoring, logging and fault notification, as well as enforcing users bandwidths 
according to preset rules. I refer you to the following sections which clearly disclose these features: 

Dl abstract, page 4 (paragraphs 2 & 3), page 5 (paragraph 2), & pages 12-24 

The current application differs from the aforementioned citations by d^oiamically controlling a users available 
bandwidth in real time (see claim 1 line 14). Although the aforementioned citations disclose real time 
monitoring, none disclose dynamically controlling at least one user's available bandwidth in real time. As such 
claims 1-26 aie considered novel under Article 33(2) of the PCT. In addition 1 consider this diffenmcc would 
not have been obvious to a skilled person, and as such the subject matter of these claims is also considered to 
involve an inventive step under Article 33(3) PCT. 
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Basis of the report 



1 . With regard to the elements of the international application:* 
I I the international application as originally filed. 

fxl the description, pages 1-3,7-20, as originally filed, 

pages I filed with the demand, 

pages 4-6, 6 A, received on 20 July 2004 with the leuer of 20 July 2004 

[x] the claims, pages , as originally filed, 

pages , as amended (logclher with any statement) under Article 1 9, 

pages , filed wirfi the demand, 

pages 21-25, received on 20 July 2004 with the letter of 20 July20G4 



X| the drawings, pag es/flgs 1-6, as originally filed, 
pages , filed with the demand, 
pages , received on with the letter of 
I I the sequence listing part of the description: 

pages , as originally filed 

pages , filed witli the demand 

pages , received on with the letter of 

With regard to the language, all the elements marked above were available or furnished to this Authority in the language in 

which the intcmaiional application was filed, unless otherwise indicated under this item. 

These elements were available or furnished to this Authority in the following language which is: 

I I the language of a translation furnished for the purposes of international search (under Rule 23.1(b)). 

[ ] the language of publication of the intematibnal application (under Rule 48.3(b)). 

I I tlie language of the translation fiimished for the purposes of international preliminary examination (under Rules 55.2 
— and/or 55,3). 

With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the international 

preliminary examination was carried out on the basis of the sequence listing: 
I I contained in the international application in written form. 

[ I filed together with the international application in computer readable form. 

I I furnished subsequently to this Authority in written form. 

[ I furnished subsequently to this Authority in computer readable form. 

I I The statement that the subsequently furnished written sequence listing does not go beyond the disclosure in the 
international application as filed has been furnished. 

I I The statement that the information recorded in computer readable form is identical to the written sequence listing has 
been furnished 

I I The amendments have resulted in the cancellation of: . . 

I I the description, pages 

[ I the claims, Nos. 

I I the drawings, shccis/fig. 

I I This report has been established as if (some of) the amendments had not been made, since they have been considered to 
go beyond the disclosure a.s filed, as indicated in the Supplemental Box (Rule 70.2(c)).^* 



Replacr.me.nt she.Kts which have her.n/urnithe.ri to (he receiving Office in response to an invitaiton under Article J 4 arc referred to in (his 
rr.pnrl a.T "nriginully filed" and are nfit annexed to thu: report since they do not contotrt amendments (Rules 70, 16 and 70,17). 

Any replacement sheet containing such amendments must he re/erred to under item J and annexed to this report 
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Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial applicability; citations 
and explanations supporting such statement 



1 . Statement 



Novelty (N) 


Claims 


1-26 


YT5S 




Claims 


NONE 


NO 


Inventive step (IS) 


Claims 


1-26 


YES 




Claims 


NONE 


NO . 


Industrial applicability (lA) 


Claims 


1-26 


YES 




Claims 


NONE 


NO 



Citations and explanations (Rule 70.7) 

Reference is made to the following documents cited in the Australian ISR: 

Dl WO 1999/054544 Al (UKIAH SOFTWARE, INC.) 8 July 1999 

D2 US 5867483 A (ENNIS, JR et al) 2 February 1999 

D3 US 6233618 Bl (SHANNON) 15 May 2001 

D4 US 6052730 A (FELCIANO ct al) 18 April 2000 

NOVELTY (N^ and INVENTIVE STEP aS) claims U26i 

Dl is regarded as the closest prior art citation. .Like the current application, *544 discloses a method of 
monitoring and controlling (via a gateway and firewall) data transfer between a first and second communication 
network. Furthermore, *544 discloses rt;al time monitoring of data transfer to/from an authenticated user (eg ;[ 
differentiating user by an IP address) or group of pre determined users (eg group of known IP addresses). This 
system is suitable for real time monitoring, logging and fault notification, as well as enforcing users bandwidths 
according to preset rules. I refer you to the following sections which clearly disclose these features: \ 

Dl abstract, page 4 (paragraphs 2 & 3), page 5 (paragraph 2), & pages 12-24 

The current application differs from the aforementioned citations by dynamically controlling a users available 
bandwidth in real time (see claim 1 line 14). Although the aforementioned citations disclose real time 
monitoring, none disclose dynamically controlling at least one user's available bandwidth in real lime. As such 
claims 1-26 are considered novel under Article 33(2) of the PCT. In addition I consider this difference would 
not have been obvious to a skilled person, and as such the subject matter of these claims is also considered to 
involve an inventive step under Article 33(3) PCT. 
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controlling data transfer between a user terminal coupled to a first 
communication network and a second communication network via a gateway 
and a firewall, said method including the steps of: 

sending an access request to said gateway from a said user tenminal 
requiring access to said second communication network; 

said gateway reading said access request; 

modifying at least one access rule In said firewall to permit access for 
said user terminal requesting access based on an authenticated IP address of 
said user terminal; 

monitoring simultaneously at said firewall transfer of data between said 
user terminal and said second communication network; and dynamically 
controlling in real time bandwidth available to said user terminal. 

The dynamic control of bandwidth available to the user terminal may 
occur whilst maintaining communication of the user terminal with the second 
communication network. 

A restricted bandwidth may be allocated on the fly to a single user 
terminal, a plurality of user terminals and/or one or more specified user 
accounts. Bandwidth may be controlled for uploading and/or downloading 
data. 

The method may further include the step of monitoring all ports of 
access of the user terminal. 

The method may further include the step of enabling and/or disabling 
one or more ports of access to each user terminal. 

Optionally, a single machine may include the gateway and the firewall. 
Alternatively, the firewall may be in a different machine from the gateway. 
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Authentication of the IP address is preferably carried out by the 
gateway. Authentication may be carried out using an encryption/decryption 
process. 

The method may further include the step of controlling access of a user 
5 terminal to the second communication network from a management terminal 
coupled to the first communication network. 

The method may further include the step of monitoring a period of time 
a user terminal has access to the second communication network. 

The miethod may further include the step of monitoring a quantity of 
10 data a user terminal uploads and/or downloads. 

The method may further include the step of monitoring a cost to a user 
of their user terminal having access to the second communication network. 

According to another aspect, the invention resides in a system for 
monitoring and controlling data transfer in communication networks, said 
15 system comprising: 

one or more user terminals coupled to a first communication network; 
a second communication network coupled to said first communication 
network via a gateway and a firewall; 

wherein said firewall simultaneously monitors transfer of data between 
20 said one or more user terminals and said second communication network for 
said user terminals having an authenticated IP address that has access to 
said second communication network and dynamically controls bandwidth in 
real time available to said one or more user terminals. 

Optionally, a single machine may include the gateway and the firewall. 
25 Alternatively, the firewall may be in a different machine from the gateway. 
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Authentication of the IP address Is preferably carried out by the 
gateway and may involve an encryption/decryption process to authenticate a 
remote terminal. 

A restricted bandwidth may be allocated on the fly to a single user 
terminal, a plurality of user terminals and/or one or more specified user 
accounts. Bandwidth may be controlled for uploading and/or downloading 
data. 

According to a further aspect, the invention resides in a gateway for 
monitoring and controlling data transfer in communication networks, said 
gateway comprising: 

a firewall for permitting access to a second communication network for 
one or more user terminals coupled to a first communication network having 
an authenticated IP address; 

wherein said gateway monitors simultaneously at said firewall transfer 
of data between said one or more user terminals and said second 
communication network and dynamically controls bandwidth in real time 
available to said one or more user terminals. 

The gateway may further comprise means for enabling and/or disabling 
one or more ports of access to each user terminal. 

Further aspects and features of the invention will become apparent 
from the following description. 

BRIEF DESCRIPTION OF THE DRAWINGS 
To assist in understanding the invention and to enable a person skilled 
in the art to put the invention into practical effect preferred. embodiments of 
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the invention will be described by way of example only with reference to the 
accompanying drawings, wherein: 

FIG. 1 shows a schematic representation of a computer system in 
accordance with the present invention in which the method and apparatus of 

5 
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CLAIMS 

1, A method of monitoring and controlling data transfer between a user 
terminal coupled to a first communication network and a second 
communication network via a gateway and a firewall, said method 

5 including the steps of: 

sending an access request to said gateway from said user terminal 
requiring access to said second communication network; 
said gateway reading said access request: 
^ modifying at least one access rule in said firewall to permit access for 

10 said user terminal requesting access based on an authenticated IP 

address of said user terminal requesting access; 

monitoring simultaneously at said firewall the transfer of data between 
said user terminal and said second communication network; and 
dynamically controlling in real time bandwidth available to said user 
15 terminal. 

2. The method of claim 1, wherein said dynamic control of bandwidth 
available to said user terminal occurs whilst maintaining communication 
of said user terminal with said second communication network, 

20 

3- The method of claim 1, wherein a restricted bandwidth is allocated to a 
single user terminal. 

4. The method of claim 1, wherein a restricted bandwidth is shared 
25 between a plurality of user terminals. 
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5. The method of claim 1 . wherein bandwidth is restricted for uploading 
data and/or downloading data. 

6. The method of claim 1. wherein a restricted bandwidth is allocated to 
one or more terminals for a prescribed time period. 

7. The method of claim l . wherein a restricted bandwidth is allocated to 
one or more temiinals on the basis of a priority status allocated to the 
one or more terminals or a user account. 

8. The method of claim 1, wherein the IP address of a user terminal is 
authenticated on the basis that the user terminal has previously been 
authenticated by the gateway using an encryption/decryption process. 

9. The method of claim 1, further including the step of monitoring all ports 
of access of said user terminal. 

10. The method of claim 1, further including the step of enabling and/or 
disabling one or more ports of access of a user terminal. 

11. The method of claim 1, further including the step of controlling access of 
a user terminal to the second communication network from a 
management terminal coupled to the first communication network. 
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12. The method of claim 1, further including the step of monitoring a period 
of time a user terminal has access to the second communication 
network. 



5 1.3. The method of claim 1. further including the step of monitoring a 

quantity of data a user terminal uploads and/or downloads. 



14. The method of claim 1, further including the step of monitoring a cost to 
• a user of their user terminal having access to the second communication 
10 network. 



15. A system for monitoring and controlling data transfer in communication 
networks, said system comprising: 

one or more user tenninals coupled to a first communication network; 
15 a second communication network coupled to said first communication 

network via a gateway and a firewall; 

wherein sard firewall simultaneously monitors transfer of data between 
said one or more user terminals and said second communication 
network for said user terminals having an authenticated IP address that 
20 has access to said second communication network and dynamically 

controls in real time bandwidth available to said one or more user 
terminals. 



16. The system of claim 15. wherein a single machine comprises both the 
25 gateway and the firewall. 
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17. The system of claim 15, wherein the firewall is in a different machine 
from the gateway. 



18. The system of claim 15. wherein authentication of the IP address is 
canried out by the gateway. 



19. The system of claim 18. wherein authentication employs an 
encryption/decryption process to authenticate a remote terminal. 

10 

20, The system of claim 15. wherein the firewall simultaneously monitors all 
ports of access of one or more of said user terminals. 



21. The system of claim 15, wherein a restricted bandwidth is allocated to a 
1 5 single user terminal. 



22. The system of claim 15, wherein a restricted bandwidth is shared 
between a plurality of user terminals. 



20 23-The system of claim 15, wherein a restricted bandwidth is allocated to a 

user account. 



24.The system of claim 15, wherein bandwidth is restricted for uploading 
data and/or downloading data. 
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25. The system of claim 15, wherein said dynamic control of bandwidth 
available to said one or more user terminals occurs whilst maintaining 
communication of said one or mora user terminals with said second 
communication network. 

26. A gateway for monitoring and controlling data transfer in communication 
networks, said gateway comprising: 

a firewall for permitting access to a second communication network 
for one or more user terminals coupled to a first communication network 
having an authenticated IP address; 

wherein said gateway monitors simultaneously at said firewall 
transfer of data between said one or more user terminals and said 
second communication network and dynamically controls in real time 
bandwidth available to said one or more user terminals. 

27. The gateway of claim 26, wherein the firewall simultaneously monitors 
all ports of access of one or more of said user terminals. 

28. The gateway of claim 26, wherein the dynamic control of bandwidth 
available to said one or more user terminals occurs whilst maintaining 
communication of said one or more user terminals with said second 
communication network. 

29. The gateway of claim 26, further comprising means for enabling and/or 
disabling one or more ports of access to each user terminal. 
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